Devious Phishing Scam Ensnares Snapchat Employee Payroll Data

We talk a lot about the importance of businesses beefing up security to protect against those who might want to gain access to internal networks. Last week, we were given another great example of why: an integral piece of Linux software suffered a bug that at first seemed modest but turned out to be quite severe. These issues can crop up out of nowhere, and those who actively beef up their security will be the ones who suffer the least hassle in the future.

As important as that kind of security is, though, some of the biggest flaws inside of a company can be the employees themselves. People make mistakes, after all, and can fall victim to a scheme that at first just seems like normal business. Snapchat is now learning this the hard way.

The bad news here is that Snapchat suffered a breach; the good news is that no users are affected in any way. This "attack", if you can even call it that, was about as simple as they come: an employee received an email, believed it came from the CEO, and acted on it, and all hell broke loose.

“Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information,” wrote Team Snapchat. “Unfortunately, the phishing email wasn’t recognized for what it was–a scam–and payroll information about some current and former employees was disclosed externally. To be perfectly clear though: None of our internal systems were breached, and no user information was accessed.”

The breach could potentially make for awkward moments inside of Snapchat's walls if that information becomes public. If you were an employee of a company that suffered such a breach, it'd probably be pretty hard to resist checking out what all of your co-workers are earning!

While actual user/customer data was thankfully not affected, “some” current and former Snapchat employees are paying the price for the misdeeds of one employee who fell for the phishing scam. For the employees whose personal information was compromised, Snapchat is offering two years of free identity-theft insurance and credit monitoring.

“When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong,” continues Team Snapchat. “To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks.”

Snapchat says that it's "impossibly sorry" for the breach, and that it's working with the FBI to get to the bottom of it.